Running with Least Privilege on Windows

Aaron Margosis pointed out to me today his weblog which contains some good references and information about running as a limited user on Windows. He had an interesting comment on my different credentials post I did almost a year ago in which he uses a shortcut directly to a cmd window with runas instead of using the explorer view. His suggestion is to do:

C:\WINDOWS\system32\runas.exe /u:Administrator "%windir%\System32\cmd.exe /k cd c:\ && color fc && title ***** Admin console *****"

Makes total sense if you want to use an admin shell. Personally I prefer having the UI available through the explorer view... which has its own limits. This way I don't have to try to remember where the CPL paths are, or what they are called. I just click 'My Computer' and then 'Control Panel' and have at 'er. To each his own. Aaron has some good pointers on his blog about different ways of approaching this. Consider checking it out.